On Wed, Apr 23, 2025 at 04:09:50PM +0200, Paolo Bonzini wrote: > On Sat, Apr 19, 2025 at 12:16 AM Edgecombe, Rick P > <rick.p.edgecombe@xxxxxxxxx> wrote: > > TDG.VP.VMCALL<INSTRUCTION.WBINVD> - Missing > > TDG.VP.VMCALL<INSTRUCTION.PCONFIG> - Missing > > WBINVD and PCONFIG need to be implemented (PCONFIG can be a stub). On the guest side I actively avoided using WBINVD as the only way for VMM to implement it is to do WBINVD on the host side which is too disruptive for the system. It is possible way to DoS the host. Do we really want to implement it on KVM side? It is good incentive for guests to avoid WBINVD. Hm. Maybe we would need it for partitioning scenario where L2 guest doesn't care if it runs under TDX and uses WBINVD. It would be neat to have per-KeyID WBINVD, but HW cannot do this. -- Kiryl Shutsemau / Kirill A. Shutemov
